[postgis-devel] About EXTENSION from UNPACKAGED on PostgreSQL 13
Sandro Santilli
strk at kbt.io
Thu Feb 27 09:26:44 PST 2020
On Wed, Feb 26, 2020 at 10:28:11AM -0500, Stephen Frost wrote:
>
> * Sandro Santilli (strk at kbt.io) wrote:
> >
> > When someone has postgis objects installed via
> > scripts (not via extension), can CREATE EXTENSION
> > technically mark those objects as being part of
> > an extension instead ? That's exactly what
> > `FROM UNPACKAGED` does at the moment. The question
> > is: is it legit to do so from CREATE EXTENSION ?
>
> The reason that we removed that ability from PG, as planned for v13, is
> that it's inherently dangerous to do that...
Can you give an example attack vector ?
> it's also clearly rife for
> abuse when combined with the trusted extension concept which allows
> non-superusers to install extensions that have C code.
Hopefully we can just plug those holes, and meanwhile leave the extension
advertised as non-trusted (until we trust it), to get the same or
comparable user experience as we have with PostgreSQL < 13
I'm now really thinking we should start having
CREATE EXTENSION ${any_postgis_extension}
take care of packaging, if needed (right now it would just refuse to
run if an existing unpackaged install is found, we could change that
to instead package it).
--strk;
More information about the postgis-devel
mailing list